//go:generate go run cmd/support/generate/main.go
package main
import (
"context"
"embed"
"errors"
"fmt"
"log"
"os"
"github.com/aws/smithy-go"
"github.com/dcoker/biscuit/algorithms"
"github.com/dcoker/biscuit/algorithms/aesgcm256"
"github.com/dcoker/biscuit/algorithms/plain"
"github.com/dcoker/biscuit/algorithms/secretbox"
"github.com/dcoker/biscuit/cmd"
"github.com/dcoker/biscuit/cmd/awskms"
"gopkg.in/alecthomas/kingpin.v2"
)
// Version is the string main hands to app.Version for version reporting.
// It defaults to "n/a".
// NOTE(review): presumably overridden at build time (for example with
// -ldflags "-X main.Version=..."); confirm against the build scripts.
var (
Version = "n/a"
)
// fileSystem holds every file matched by data/*, embedded into the binary at
// build time. mustAsset reads the help texts and the KMS key template from it,
// so these assets ship inside the executable itself.
//go:embed data/*
var fileSystem embed.FS
// registerAlgorithms adds the secretbox, plain and aesgcm256 algorithms to the
// algorithms registry under their package-level names, in that order. It stops
// at the first registration that fails and returns that error.
//
// NOTE(review): plain is registered next to the two encrypting algorithms. If,
// as its name suggests, it stores values without encryption, confirm that it
// can only be selected deliberately and never as a default.
func registerAlgorithms() error {
	// Each step builds its algorithm only when it runs, so a failed
	// registration prevents the later constructors from being called.
	steps := []func() error{
		func() error { return algorithms.Register(secretbox.Name, secretbox.New()) },
		func() error { return algorithms.Register(plain.Name, plain.New()) },
		func() error { return algorithms.Register(aesgcm256.Name, aesgcm256.New()) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return err
		}
	}
	return nil
}
// main builds the biscuit command line, parses os.Args, runs the selected
// subcommand and exits with status 1 if that subcommand returns an error.
// For a few known AWS API error codes it prints an extra hint to stderr.
func main() {
	os.Setenv("COLUMNS", "80") // hack to make --help output readable

	if regErr := registerAlgorithms(); regErr != nil {
		log.Fatal(regErr)
	}

	cli := kingpin.New("biscuit", mustAsset("data/usage.txt"))
	cli.Version(Version)
	cli.UsageTemplate(kingpin.LongHelpTemplate)

	// Command clauses are declared in a fixed order; keep it stable.
	getClause := cli.Command("get", "Read a secret.")
	putClause := cli.Command("put", "Write a secret.")
	listClause := cli.Command("list", "List secrets.")
	// Per its help text, export writes every secret to stdout in plaintext,
	// so its output should be kept out of logs and shared terminals.
	exportClause := cli.Command("export", "Print all secrets to stdout in plaintext YAML.")
	kmsClause := cli.Command("kms", "AWS KMS-specific operations.")
	// NOTE(review): the help text says "credentials" while the command is
	// named get-caller-identity; confirm what is actually printed.
	kmsIdentityClause := kmsClause.Command("get-caller-identity", "Print the AWS credentials.")
	kmsInitClause := kmsClause.Command("init", mustAsset("data/kmsinit.txt"))
	kmsDeprovisionClause := kmsClause.Command("deprovision", "Deprovision AWS resources.")
	kmsPolicyClause := kmsClause.Command("edit-key-policy", mustAsset("data/kmseditkeypolicy.txt"))
	grantsClause := kmsClause.Command("grants", "Manage KMS grants.")
	grantsListClause := grantsClause.Command("list", mustAsset("data/kmsgrantslist.txt"))
	grantsCreateClause := grantsClause.Command("create", mustAsset("data/kmsgrantcreate.txt"))
	grantsRetireClause := grantsClause.Command("retire", mustAsset("data/kmsgrantsretire.txt"))

	// Bind a runner to each clause before parsing so every subcommand is
	// fully set up by the time the arguments are read.
	getRunner := cmd.NewGet(getClause)
	putRunner := cmd.NewPut(putClause)
	listRunner := cmd.NewList(listClause)
	exportRunner := cmd.NewExport(exportClause)
	identityRunner := awskms.KmsGetCallerIdentity{}
	policyRunner := awskms.NewKmsEditKeyPolicy(kmsPolicyClause)
	grantsListRunner := awskms.NewKmsGrantsList(grantsListClause)
	grantsCreateRunner := awskms.NewKmsGrantsCreate(grantsCreateClause)
	grantsRetireRunner := awskms.NewKmsGrantsRetire(grantsRetireClause)
	initRunner := awskms.NewKmsInit(kmsInitClause, mustAsset("data/awskms-key.template"))
	deprovisionRunner := awskms.NewKmsDeprovision(kmsDeprovisionClause)

	selected := kingpin.MustParse(cli.Parse(os.Args[1:]))
	background := context.Background()

	// Dispatch on the full command name returned by the parser. A name that
	// matches no case leaves runErr nil and the program exits normally.
	var runErr error
	switch selected {
	case getClause.FullCommand():
		runErr = getRunner.Run(background)
	case putClause.FullCommand():
		runErr = putRunner.Run(background)
	case listClause.FullCommand():
		runErr = listRunner.Run(background)
	case kmsIdentityClause.FullCommand():
		runErr = identityRunner.Run(background)
	case kmsInitClause.FullCommand():
		runErr = initRunner.Run(background)
	case kmsPolicyClause.FullCommand():
		runErr = policyRunner.Run(background)
	case grantsCreateClause.FullCommand():
		runErr = grantsCreateRunner.Run(background)
	case grantsListClause.FullCommand():
		runErr = grantsListRunner.Run(background)
	case kmsDeprovisionClause.FullCommand():
		runErr = deprovisionRunner.Run(background)
	case grantsRetireClause.FullCommand():
		runErr = grantsRetireRunner.Run(background)
	case exportClause.FullCommand():
		runErr = exportRunner.Run(background)
	}
	if runErr == nil {
		return
	}

	fmt.Fprintf(os.Stderr, "%s\n", runErr)

	// When the failure carries an API error code, add a hint for the codes
	// this tool knows how to explain.
	var apiFailure smithy.APIError
	if errors.As(runErr, &apiFailure) {
		hints := map[string]string{
			"MissingRegion":              "Hint: Check or set the AWS_REGION environment variable.\n",
			"ExpiredTokenException":      "Hint: Refresh your credentials.\n",
			"InvalidCiphertextException": "Hint: key_ciphertext may be corrupted.\n",
		}
		if hint, known := hints[apiFailure.ErrorCode()]; known {
			fmt.Fprint(os.Stderr, hint)
		}
	}
	os.Exit(1)
}
// mustAsset returns the contents of the embedded file named filename as a
// string. It panics if the file cannot be read from fileSystem, so it is only
// suitable for assets that are expected to be present in the binary.
func mustAsset(filename string) string {
	data, err := fileSystem.ReadFile(filename)
	if err == nil {
		return string(data)
	}
	panic(err)
}